← Back to Blog

What ASIC RG 271 requires from financial institutions — a plain-English guide

• 7 min read

What ASIC RG 271 requires from financial institutions — a plain-English guide

Audience: Compliance analysts at Australian banks and superannuation funds
Scope: ASIC Regulatory Guide 271 — Internal Dispute Resolution (IDR)

Why this guide exists

ASIC’s Regulatory Guide 271 (RG 271) sets the rules for how financial firms must handle customer complaints internally. Getting IDR right is not optional — the standards embedded in the ASIC Corporations, Credit and Superannuation (Internal Dispute Resolution) Instrument 2020/98 are legally enforceable. A failure to comply is a failure to meet your licence obligations.

This guide walks through what RG 271 actually requires of you in practice.

The big picture: what RG 271 is trying to achieve

ASIC frames RG 271 within the broader objectives of Chapter 7 of the Corporations Act. In plain terms, the regulator wants to:

  • Give consumers and investors the confidence to participate in the financial system
  • Hold financial firms to standards of fairness, honesty, and professionalism
  • Support markets that are fair, orderly, and transparent
  • Reduce systemic risks across the financial sector

Your IDR process is one of the primary mechanisms ASIC uses to hold firms to those standards. It is not just a customer service function — it is a regulated activity that ASIC actively oversees.

Who this applies to

RG 271 applies to Australian financial services (AFS) licensees and Australian credit licensees, which covers banks, insurers, mortgage brokers, financial advisers, and superannuation trustees. If your firm holds a licence and interacts with retail customers, you are in scope.

What counts as a complaint

A complaint is any expression of dissatisfaction — whether about a product, service, staff conduct, or a firm’s policy — where a response or resolution is explicitly or implicitly expected. Critically, you cannot require a customer to use a particular form or channel to lodge a complaint. If someone calls, emails, walks in, or writes to you expressing dissatisfaction and expecting a response, that is a complaint under RG 271, and your IDR obligations are triggered immediately.

Watch out for: Staff at the point of contact resolving issues informally and not logging them. If it is a complaint under the definition, it must be recorded and managed through your IDR process — no exceptions.

Timeframes: the hard deadlines

This is where firms most commonly breach their obligations. RG 271 sets maximum timeframes that are not negotiable:

Complaint typeMaximum timeframe
General complaints30 calendar days
Superannuation complaints (standard)45 calendar days
Superannuation complaints (death benefit)90 calendar days
Credit-related hardship, default notices, repossession21 calendar days

The clock starts on the day the complaint is received — not the day it is allocated to a staff member, not the day it is formally acknowledged. Day one is the day the customer expressed dissatisfaction.

What triggers a breach: Failing to provide an IDR response within the applicable timeframe is a breach, even if you are still working on the resolution. If you cannot finalise a response in time, you must still write to the customer before the deadline, explain the delay, and advise them of their right to take the matter to AFCA (the Australian Financial Complaints Authority).

What your IDR response must contain

An IDR response is not just a letter saying whether you uphold or reject a complaint. RG 271 specifies the minimum content:

  1. The outcome — whether you are accepting, partially accepting, or rejecting the complaint
  2. Your reasons — a clear explanation of why you reached that outcome, written in plain language the customer can understand
  3. AFCA referral information — you must tell the customer they can go to AFCA if they are unhappy with your response or if 30 days have passed without a response. This must include AFCA’s contact details and the time limits for lodging with AFCA
  4. Awareness of limits — if the complaint falls outside AFCA’s jurisdiction (for example, it is out of time), your response should note this

If you close a complaint without sending a formal IDR response — for example, because the customer appears satisfied — you still need to document that resolution. Oral resolutions accepted by the customer within five business days of the complaint being made are permitted, but must be recorded.

Your internal process obligations

RG 271 does not just regulate the output (the response letter) — it regulates your internal process too. Your IDR framework must:

  • Be accessible: Customers must be able to find out how to make a complaint without difficulty. This means your IDR process must be publicised on your website, in product disclosure documents, and at point of service
  • Be free: You cannot charge customers to make a complaint or to have it handled
  • Be fair: Complaints must be assessed on their merits. Staff handling complaints must be appropriately trained, empowered to remedy issues, and not incentivised in ways that discourage fair outcomes (for example, performance targets that reward complaint dismissal)
  • Track and report data: You must collect and maintain data on complaints — including volumes, types, outcomes, and timeframes. This data must be reported to AFCA and is subject to ASIC scrutiny

Systemic issues: a frequently missed obligation

One of the less obvious — but important — requirements is the obligation to identify systemic issues. If your complaint data reveals a pattern (for example, multiple customers raising the same problem with a product, process, or disclosure document), you are expected to escalate that pattern for investigation and remediation — not just resolve each individual complaint in isolation.

This means your IDR process needs a mechanism to flag and escalate potential systemic issues to senior management or your responsible manager. Firms that handle complaints individually without ever looking at the aggregate picture are likely to be non-compliant with the spirit of RG 271, and potentially the letter of it.

The standard ASIC must consider: AS/NZS 10002:2014

When ASIC sets or reviews IDR requirements, it is required to take into account AS/NZS 10002:2014 — the Australian and New Zealand standard for complaints handling. Your IDR framework should reflect the principles in that standard, which include visibility, accessibility, responsiveness, objectivity, charges, confidentiality, and continual improvement. If ASIC ever scrutinises your IDR process, alignment with AS/NZS 10002:2014 will be a reference point.

What ASIC can do if you get it wrong

Non-compliance with RG 271’s enforceable requirements can result in:

  • Licence conditions being imposed or varied
  • Enforceable undertakings
  • Civil penalty proceedings
  • Public adverse findings

ASIC also monitors IDR performance indirectly through AFCA data. If your firm is generating a disproportionate number of AFCA complaints — particularly complaints that could have been resolved at IDR — expect regulatory attention.

Key takeaways for compliance teams

  • Log every complaint from the moment it is received — the clock is already running
  • Know your applicable timeframe (30, 21, 45, or 90 days depending on complaint type)
  • If you cannot respond in time, write to the customer before the deadline anyway
  • Every IDR response must include your reasons and AFCA referral information
  • Your process must be visible, free, and fair — and documented to show that it is
  • Review aggregate complaint data regularly and escalate patterns as potential systemic issues

This guide is based on ASIC RG 271 and the ASIC Corporations, Credit and Superannuation (Internal Dispute Resolution) Instrument 2020/98. It is a practical summary for compliance purposes and does not constitute legal advice. Always refer to the current version of RG 271 and your legal counsel for definitive guidance.